IP networks and net masks
David A. Bandel
david
Mon May 17 11:43:22 PDT 2004
On Fri, 24 Jan 2003 11:30:24 -0500
begin Tim Wunder <tim at thewunders.org> spewed forth:
> On 1/24/2003 10:56 AM, someone claiming to be David A. Bandel wrote:
> >
> > On Fri, 24 Jan 2003 09:25:57 -0500
> > begin Tim Wunder <tim at thewunders.org> spewed forth:
> >
> >
> >>I'm currently using a freesco router to access the internet.
> >>Currently, I have no controls on it for local access out to the
> >>internet. So my son's PC accesses the internet by using the router as
> >>the gateway. Now, I'd like to be able to allow only 192.168.1.2 (my
> >>PC/server) to be able to access the internet through my router, and to
> >>run squid and squid-guard (or dans guardian) on my server to control
> >>internet access.
> >>
> >>Now, freesco allows me to add IP addresses to /etc/banlist.cfg. I can
> >>ban a single IP address by adding the line "l,192.168.1.5", or a
> >>network by adding "l,192.168.1.0/24". Can I use a netmask other than
> >>/24 that would only allow 192.168.1.2 access to the 'net thru the
> >>router?
> >>
> >>Any other ideas for a means of controlling 'net access?
> >
> >
> >
> > I don't know about Freesco. However, under iptables it's very easy to
> > redirect all systems attempting to bypass the Squid system back to
> > the squid system.
> >
> > Basically, only allow port 80 requests from squid's IP out, and
> > redirect all queries from other systems back to squid. No worries. I
> > believe in the iptables documentation they even have an example of how
> > to set up this very task (if not, it's in the squid docs -- I know
> > I've seen it).
> >
>
> Interesting. Thanks. I'll do that when I get the router part
> straightened out. The way the router is set up, the server that would be
> running squid can be bypassed just by specifying the router as the
> gateway, so whatever iptables rules I set up would be irrelevant.
No, squid cannot be bypassed by specifying the router as the gateway if
you tell the Linux gateway running iptables to redirect all port 80
queries that come from other than squid back to squid. Please read what I
wrote before. I'm unfamiliar w/ Freesco so I can't help you there (unless
it's just another Linux distro).
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
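
The netmask question in the quoted message, worked through as an added example that is not part of the original thread: no single prefix covers a /24 minus one host, so the ban list needs one block per prefix length. The function names are hypothetical, and that freesco's banlist accepts prefixes other than /24 in the `l,<network>/<prefix>` form is an assumption.

```python
import ipaddress


def complement_blocks(network, allowed_host):
    """Return the CIDR blocks covering `network` except `allowed_host`."""
    net = ipaddress.ip_network(network)
    host = ipaddress.ip_address(allowed_host)
    if host not in net:
        raise ValueError(f"{host} is not inside {net}")
    blocks = []
    # Halve the network repeatedly: the half without the host becomes a
    # block to ban, the half with the host is split again until only the
    # host's own /32 is left (and never added to the list).
    while net.prefixlen < net.max_prefixlen:
        low, high = net.subnets(prefixlen_diff=1)
        if host in low:
            blocks.append(high)
            net = low
        else:
            blocks.append(low)
            net = high
    return sorted(blocks)


def banlist_lines(network, allowed_host):
    """Format the blocks in the "l,<address>" style quoted in the thread."""
    lines = []
    for block in complement_blocks(network, allowed_host):
        if block.prefixlen == block.max_prefixlen:
            # Single host: written without a prefix, like "l,192.168.1.5".
            lines.append(f"l,{block.network_address}")
        else:
            # Assumption: freesco accepts prefix lengths other than /24.
            lines.append(f"l,{block}")
    return lines


if __name__ == "__main__":
    # Addresses taken from the question: LAN 192.168.1.0/24, server .2
    for line in banlist_lines("192.168.1.0/24", "192.168.1.2"):
        print(line)
```

The eight entries also cover the network and broadcast addresses and any address the router itself holds on that LAN, so check which of them the ban list applies to before loading the result.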